git: 43ac6aef769c - 2021Q3 - devel/arcanist-lib: Use Mozilla root CA bundle

Michael Gmelin grembo at FreeBSD.org
Sat Oct 2 12:56:03 UTC 2021 

The branch 2021Q3 has been updated by grembo:

URL: https://cgit.FreeBSD.org/ports/commit/?id=43ac6aef769c55551762dd013c5ab09ebcde8e6a

commit 43ac6aef769c55551762dd013c5ab09ebcde8e6a
Author:     Michael Gmelin <grembo at FreeBSD.org>
AuthorDate: 2021-10-01 11:03:43 +0000
Commit:     Michael Gmelin <grembo at FreeBSD.org>
CommitDate: 2021-10-02 12:54:09 +0000

    devel/arcanist-lib: Use Mozilla root CA bundle
    
    This fixes problems with Let's Encrypt certificates after
    the R3 Let's Encrypt intermediate CA expired.
    
    Arcanist uses its own certificate bundle by default (default.pem),
    overriding curl's default, unless curl.cainfo is set explicitly.
    
    The port now replaces this custom bundle with a symlink to Mozilla's
    root CA bundle as installed by security/ca_root_nss.
    
    PR: 258824
    Reported by: yasu
    
    (cherry picked from commit 21ddc093a48b642a6a0c533069ed2118d0cdd066)
---
 devel/arcanist-lib/Makefile | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/devel/arcanist-lib/Makefile b/devel/arcanist-lib/Makefile
index b73e2d8f8a7d..7344c35a2d3d 100644
--- a/devel/arcanist-lib/Makefile
+++ b/devel/arcanist-lib/Makefile
@@ -1,5 +1,6 @@
 PORTNAME?=	arcanist
 PORTVERSION?=	20210113
+PORTREVISION?=  1
 CATEGORIES?=	devel
 PKGNAMESUFFIX=	${SLAVE_PKGNAMESUFFIX}${PHP_PKGNAMESUFFIX}
 
@@ -36,6 +37,8 @@ PLIST=		${.CURDIR}/pkg-plist
 .if ${SLAVEPORT} == lib
 SLAVE_PKGNAMESUFFIX=	-${SLAVEPORT}
 
+RUN_DEPENDS=	ca_root_nss>0:security/ca_root_nss
+
 OPTIONS_DEFINE=	ENCODINGS
 OPTIONS_DEFAULT=ENCODINGS
 ENCODINGS_DESC=	Support for encodings other than utf-8
@@ -78,6 +81,8 @@ do-install:
 	@${REINPLACE_CMD} \
 		's|%%PYTHON_CMD%%|${PYTHON_CMD}|g' \
 		${STAGEDIR}${PREFIX}/${PHP_DESTDIR}/src/workflow/ArcanistAnoidWorkflow.php
+	${LN} -sf ${LOCALBASE}/share/certs/ca-root-nss.crt \
+		${STAGEDIR}${PREFIX}/${PHP_DESTDIR}/resources/ssl/default.pem
 	${RLN} ${STAGEDIR}${PREFIX}/${PHP_DESTDIR}/support/shell/hooks/bash-completion.sh \
 		 ${STAGEDIR}${PREFIX}/share/bash-completion/completions/arc
 	${STAGEDIR}${PREFIX}/${PHP_DESTDIR}/bin/arc shell-complete --generate

More information about the dev-commits-ports-all mailing list